VulnerableCode Package Details - pkg:alpm/archlinux/drupal@9.1.7-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-s8u8-xbdk-87dj Aliases: CVE-2021-33829 GHSA-rgx6-rjj4-c388	ckeditor4 vulnerable to cross-site scripting A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because `--!>` is mishandled.	9.1.10-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-s8u8-xbdk-87dj
Aliases:
CVE-2021-33829
GHSA-rgx6-rjj4-c388

ckeditor4 vulnerable to cross-site scripting A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because `--!>` is mishandled.

9.1.10-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-k1gx-nznx-7qd6	Drupal core Cross-site Scripting (XSS) vulnerability Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions prior to 9.1.7; 9.0.x versions prior to 9.0.12; 8.9.x versions prior to 8.9.14; 7.x versions prior to 7.80.	CVE-2020-13672 GHSA-3m36-mjwj-352c
VCID-kc7d-5k6x-77bp	Directory Traversal in Archive_Tar Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. ### :exclamation: Note: There was an [initial fix](https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916) for this vulnerability made in version `1.4.12`. That fix introduced a bug which was [fixed in 1.4.13](https://github.com/pear/Archive_Tar/pull/36). Therefore we have set the first-patched-version to `1.4.13` which the earliest working version that avoids this vulnerability.	CVE-2020-36193 GHSA-rpw6-9xfx-jvcx

Vulnerability

Summary

Aliases

VCID-k1gx-nznx-7qd6

Drupal core Cross-site Scripting (XSS) vulnerability Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions prior to 9.1.7; 9.0.x versions prior to 9.0.12; 8.9.x versions prior to 8.9.14; 7.x versions prior to 7.80.

CVE-2020-13672
GHSA-3m36-mjwj-352c

VCID-kc7d-5k6x-77bp

Directory Traversal in Archive_Tar Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. ### :exclamation: Note: There was an [initial fix](https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916) for this vulnerability made in version `1.4.12`. That fix introduced a bug which was [fixed in 1.4.13](https://github.com/pear/Archive_Tar/pull/36). Therefore we have set the first-patched-version to `1.4.13` which the earliest working version that avoids this vulnerability.

CVE-2020-36193
GHSA-rpw6-9xfx-jvcx

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T18:25:31.058083+00:00	Arch Linux Importer	Affected by	VCID-s8u8-xbdk-87dj	https://security.archlinux.org/AVG-2069	38.0.0
2026-04-01T18:24:17.020184+00:00	Arch Linux Importer	Fixing	VCID-k1gx-nznx-7qd6	https://security.archlinux.org/AVG-1463	38.0.0
2026-04-01T18:24:16.998178+00:00	Arch Linux Importer	Fixing	VCID-kc7d-5k6x-77bp	https://security.archlinux.org/AVG-1463	38.0.0